Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-61247

    indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-10023

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitori... Read more

    Affected Products : infra_monitoring
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-12291

    A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?add_product of the component Add Product Page. The manipulation results in unrestricted upload... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-32785

    Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in t... Read more

    Affected Products : web_interface
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-49440

    AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter."... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2023-37749

    Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-61482

    Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, a... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 6.2

    MEDIUM
    CVE-2025-60791

    Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugg... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-52268

    StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cryptography

  • 0.0

    NONE
    CVE-2025-26862

    Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.... Read more

    Affected Products : pingfederate
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-52263

    An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-10151

    Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40030

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() ca... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025

  • 7.6

    HIGH
    CVE-2025-41090

    microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organizat... Read more

    Affected Products : microclaudia
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40036

    In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpc_put_args copy_to_user() failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40037

    In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefb_detach_genpds() The pm_domain cleanup can not be devres managed as it uses struct simplefb_par which is allocated within struct fb_info b... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-61128

    Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2025-62725

    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-59151

    Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is mad... Read more

    Affected Products : web_interface
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40026

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KV... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
Showing 20 of 3877 Results